Threat Intelligence Blog

Weekly Threat Intelligence Brief: March 13, 2018

Posted March 13, 2018

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.

Technology

“Japanese game developer Nippon Ichi Software (NIS) has suffered a major data breach and is offering customers, er, $5 as compensation. In an email sent to customers last week, NIS admitted that its American arm had fallen victim to a breach compromising the personal and financial data of its online customers. While it’s unclear how many customers have been affected, NIS has confirmed that the breach took place between 3 January and 26 February and affected two of its online stores, which have since been taken offline. However, during that time frame, hackers were able to make off with customers’ payment card details, email addresses and address information, although NIS has said that those who ordered using PayPal have not been affected. NIS noted that it does not store customers’ payment card information and that user accounts are used “primarily to track past orders and gain rewards points. Data for past orders is stored securely and will only show the last four digits of a credit card, and will not show the CVV security code or expiration date,” NIS said. NIS is recommending, naturally, that all customers change their passwords immediately and check their card statements for any suspicious activity.”

Energy

“A new analysis of industrial control components used by utilities indicated 61 percent of them could cause “severe operational impact” if affected by a cyberattack. The research from cybersecurity firm Dragos, as reported by The Daily Beast, looked at 163 new security vulnerabilities that came to light last year. So far, 72 percent of the vulnerabilities have no known way to be closed. However, only 15 percent of the vulnerabilities are accessible from the outside, with the rest requiring the attacker to have already gained access to a plant operations network. The majority of the security holes are in equipment that is already tightly secured in other ways. The report by Dragos, which covers an array of potential cybersecurity threats worldwide, notes Russian hackers caused an electrical outage in Ukraine over a year ago, and North Korea may be looking to do the same in the United States. Currently, malware known as Covellite is attacking electric utilities in the United States, Europe and parts of east Asia with spear-phishing attacks.”

Operational Risk

“A security firm, the Romanian Police, and Europol allegedly gained access to the GandCrab Ransomware’s Command & Control servers, which allowed them to recover some of the victims’ decryption keys. This allowed researchers to release a tool that could decrypt some victims’ files. After this breach, the GandCrab developers stated that they would release a second version of GandCrab that included a more secure command & control server in order to prevent a similar compromise in the future. Researchers have since discovered that GandCrab version 2 was released, which contains changes that supposedly make it more secure and allow us to differentiate it from the original version.”

Reputational Risk

“Intel has issued updated microcode to help safeguard its Broadwell and Haswell chips from the Spectre Variant 2 security exploits. According to Intel documents, an array of its older processors, including the Broadwell Xeon E3, Broadwell U/Y, Haswell H, S and Haswell Xeon E3 platforms, have now been fixed and are available to hardware partners. The company’s new microcode updates come a week after Intel also issued updates for its newer chip platforms like Kaby Lake, Coffee Lake and Skylake. The Spectre and Meltdown defects, which account for three variants of a side-channel analysis security issue in server and desktop processors, could potentially allow hackers to access users’ protected data. Meltdown breaks down the mechanism keeping applications from accessing arbitrary system memory, while Spectre tricks other applications into accessing arbitrary locations in their memory. According to Intel’s documentation, the Spectre fixes for Sandy Bridge and Ivy Bridge are still in beta and are being tested by hardware partners.”
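A microcode release only helps once it is loaded on the host, so the practical follow-up to the item above is to confirm what the running kernel reports. The script below is an added example written for this brief; it is not code from Intel or from the quoted article. It assumes a Linux kernel that exposes one status file per issue under /sys/devices/system/cpu/vulnerabilities (present since kernel 4.15), each containing "Not affected", "Vulnerable" or "Mitigation: ...". The directory is passed as a parameter so the classifier can be exercised against a constructed copy; the sample strings in make_sample are constructed to resemble a partially patched host and are not taken from any real system.

```shell
#!/bin/sh
# Added example (not part of the brief): summarise the kernel's reported
# Spectre/Meltdown mitigation state. The directory is a parameter so the
# logic can run against a constructed copy as well as the live sysfs path.

# Print "issue<TAB>class" for every file in the directory.
# class is one of: not_affected, mitigated, vulnerable, unknown.
classify_vulns() {
    dir="$1"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        status=$(cat "$f")
        case "$status" in
            "Not affected"*) class=not_affected ;;
            Mitigation:*)    class=mitigated ;;
            Vulnerable*)     class=vulnerable ;;
            *)               class=unknown ;;
        esac
        printf '%s\t%s\n' "$name" "$class"
    done
}

# Exit 0 only if no issue is reported as vulnerable or unrecognised.
all_mitigated() {
    classify_vulns "$1" | awk -F'\t' '
        $2 == "vulnerable" || $2 == "unknown" { bad = 1 }
        END { if (bad) exit 1; exit 0 }'
}

# Count the issues that fall into a given class.
count_class() {
    classify_vulns "$1" | awk -F'\t' -v want="$2" \
        '$2 == want { n++ } END { print n + 0 }'
}

# Constructed sample (assumption, not real host output): meltdown and
# spectre_v1 mitigated, spectre_v2 still reported as vulnerable.
make_sample() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Vulnerable: Minimal generic ASM retpoline\n' > "$d/spectre_v2"
    echo "$d"
}

# Usage: sh check_mitigations.sh --live   (reads the real sysfs directory)
if [ "${1:-}" = "--live" ]; then
    classify_vulns /sys/devices/system/cpu/vulnerabilities
    all_mitigated /sys/devices/system/cpu/vulnerabilities \
        && echo "all reported issues mitigated" \
        || echo "at least one issue still reported vulnerable"
fi
```

Run with `--live` on a host to see the per-issue classification; in fleet checks the exit status of all_mitigated is the useful signal, since a host can show "Mitigation" for meltdown while spectre_v2 still reads "Vulnerable" until the matching microcode is actually loaded.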